<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
// Guard: execution stops here with the message above whenever the BASEPATH
// constant is not defined, so the class below is only declared when this file
// is included by code that defined BASEPATH first.

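class saporo_controller extends public_controller
{
    /**
     * Delegates to the parent controller's constructor; no extra setup is done here.
     */
    public function __construct(){
        parent::__construct();
    }

    /**
     * Renders the 'saporo/index' view.
     */
    public function index()
    {
        $this->load->view('saporo/index');
    }

    /**
     * Facebook OAuth login endpoint (authorization-code flow).
     *
     * Without a "code" request parameter: stores a fresh anti-CSRF state token in
     * the session, emits a script that sends the top window to the Facebook OAuth
     * dialog, and stops.
     *
     * With a "code" parameter: checks the returned "state" against the session
     * copy, exchanges the code for an access token and stores the token in
     * $_SESSION['access_token']. On a state mismatch or a failed exchange a
     * message is echoed and no token is stored.
     *
     * Assumes the session has already been started by the time this runs
     * (no session_start() is visible in this file) - TODO confirm.
     */
    public function login_fb()
    {
        // NOTE(review): the app secret is committed to source. Anyone with read
        // access to the repository can act as this application; rotate it and load
        // it from configuration that is kept out of version control.
        $app_id = "132080830287835";
        $app_secret = "468c4617e73a742ee1f84333913b1c56";
        // NOTE(review): this redirect URI is plain http and does not point at this
        // application, so the authorization code would travel unencrypted to
        // another host. It looks like a placeholder - confirm and switch to the
        // https callback URL of this controller.
        $my_url = "http://www.yahoo.com";

        // Read request/session values defensively: missing keys used to raise
        // notices, and array-valued parameters (code[]=x) must not reach the
        // string concatenation below.
        $code = (isset($_REQUEST['code']) && is_string($_REQUEST['code']))
            ? $_REQUEST['code']
            : '';

        if (empty($code)) {
            $_SESSION['state'] = $this->_new_state_token(); // CSRF protection
            $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
                . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
                . $_SESSION['state'] . "&scope=user_birthday,read_stream";

            // json_encode() yields a quoted, escaped JavaScript string literal, so
            // the URL cannot terminate the string or the <script> element.
            echo("<script> top.location.href=" . json_encode($dialog_url) . "</script>");

            // Stop here. Falling through used to run the state check with no
            // "state" parameter and print the CSRF warning on every first visit.
            return;
        }

        $expected_state = (isset($_SESSION['state']) && is_string($_SESSION['state']))
            ? $_SESSION['state']
            : '';
        $received_state = (isset($_REQUEST['state']) && is_string($_REQUEST['state']))
            ? $_REQUEST['state']
            : '';

        // The state token is single-use: discard it before deciding, so a replayed
        // callback cannot be validated against the same value twice.
        unset($_SESSION['state']);

        if ($expected_state === '' || ! $this->_same_token($expected_state, $received_state)) {
            echo("The state does not match. You may be a victim of CSRF.");
            return;
        }

        // $code is attacker-controllable; urlencode() keeps it from appending extra
        // parameters (e.g. a second redirect_uri) to the token request.
        // The secret travels in the query string, so a PHP warning raised by a
        // failed request would contain it - keep display_errors off in production.
        $token_url = "https://graph.facebook.com/oauth/access_token?"
            . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
            . "&client_secret=" . $app_secret . "&code=" . urlencode($code);

        $response = file_get_contents($token_url);
        if ($response === FALSE) {
            echo("Could not obtain an access token from Facebook.");
            return;
        }

        // NOTE(review): this parses a url-encoded body; if the Graph API version in
        // use answers with JSON instead, access_token will be missing here - confirm.
        $params = array();
        parse_str($response, $params);

        if (empty($params['access_token']) || ! is_string($params['access_token'])) {
            echo("Could not obtain an access token from Facebook.");
            return;
        }

        // The token is kept server-side in the session only. The previous code also
        // built an unused "/me?access_token=..." URL; it was dropped, and any future
        // profile request should avoid putting the token in a logged query string.
        $_SESSION['access_token'] = $params['access_token'];
    }

    /**
     * Renders the 'saporo/login' view.
     */
    public function login()
    {
        $this->load->view('saporo/login');
    }

    /**
     * Returns a hex state token for the OAuth round trip.
     *
     * Prefers a cryptographically secure source; only when none is available does
     * it fall back to the original md5(uniqid(rand())) construction, which is
     * predictable and should not be relied on.
     *
     * @return string
     */
    private function _new_state_token()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }

        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = FALSE;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== FALSE && $strong) {
                return bin2hex($bytes);
            }
        }

        return md5(uniqid(rand(), TRUE));
    }

    /**
     * Compares two tokens, in constant time where hash_equals() is available.
     *
     * @param string $expected token held in the session
     * @param string $received token supplied by the request
     * @return bool
     */
    private function _same_token($expected, $received)
    {
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $received);
        }

        return $expected === $received;
    }
}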